- From: Ben Kelly <notifications@github.com>
- Date: Wed, 21 Oct 2015 07:13:37 -0700
- To: slightlyoff/ServiceWorker <ServiceWorker@noreply.github.com>
- Message-ID: <slightlyoff/ServiceWorker/issues/719/149908726@github.com>
Some corner cases: Consider: 1) a.com/index.html loads stylesheet at b.com/foo.css as no-cors 2) b.com/foo.css @imports stylesheet at a.com/bar.css 3) a.com/bar.css loads background-image a.com/snafu.jpg Should SW and performance see data for snafu.jpg? I think everything @imported under a tainted sheet should be hidden. @igrigorik, note this is not really covered by the current language in the performance spec: > For each resource fetched by the current browsing context, excluding resources fetched by cross-origin stylesheets fetched with no-cors policy, perform the following steps: This raises further issues like this: 1) a.com/index.html loads stylesheet at b.com/foo.css as no-cors 2) b.com/foo.css @imports stylesheet at a.com/bar.css 3) a.com/bar.css loads background-image a.com/snafu.jpg 4) a.com/index.html loads stylesheet at a.com/thepain.css 5) a.com/thepain.css @imports stylesheet at a.com/bar.css 6) a.com/bar.css loads background-image a.com/snafu.jpg Here snafu.jpg should be hidden in step 3, but what happens to snafu.jpg in step 6? It seems the stylesheet should not be shared from tainted import with non-tainted import. I'm not sure if the image cache would prevent a network load in step 6, though. --- Reply to this email directly or view it on GitHub: https://github.com/slightlyoff/ServiceWorker/issues/719#issuecomment-149908726
Received on Wednesday, 21 October 2015 14:14:05 UTC